I agree with you, but on other hand, users have they're needs and if you want to keep up with your competitors, then you need to offer shell as well.

Click to expand...

That's a cop out! I directly own or otherwise have a top level executive role of
76 hosting companies and many of those names you would recognize ...

I additionally have more than 600 other host clients that are resellers, vds, or
dedicated clients operating their hosting business under our network brands ...

NONE OF US ALLOW ANY KIND OF SHELL ACCESS WHATSOEVER!

Those newbie hosts out there who do allow shell usually don't last very long.

The few of those same hosts who survive are almost always the very ones who
wised up and changed their policy regarding shell access.

You need to ask your client(s) exactly why they need any type of shell. I've never found anybody with a hosting account that has come up with an answer good enough for me to break my rule yet.

Click to expand...

And in the extremely rare instance that they might actually find a legitimate need,
it is usually to set something up that would be better if an administrator of the server
did on their behalf. And given that, the client still doesn't need any shell access!

We offer shell to people we know well. Well means that we know them personally or we know someone who knows them personally. They also have to have a good reason for shell access. This adds up to about 1 in 100 clients overall for us.

We don't advertise that we offer shell access. I wouldn't offer it if I wasn't an experienced Unix admin, you'd be crazy to offer it otherwise.

Well if you secure your server properly, I think it is safe to give shell to your users if they got reasonable explanation. Mostly users need they're shell to untar some file or something similar. wget, lynx, and other stuff I forbid them to use (there is nice lil' tool called LES - http://www.rfxnetworks.com/les.php)

@cpanelnick - can I chmod 700 /var/spool , because I see some folders there which I think users should not see.